2 Hardware and software (3)
Information Technology IT
1.
Explain how anti-virus software utilizes signature-based detection. What are the limitations of signature-based detection, and how do modern anti-virus solutions address these limitations?
Signature-based detection is a primary method used by anti-virus software to identify malware. It works by maintaining a database of "signatures" – unique sequences of code or byte patterns that are characteristic of known viruses, worms, and other malicious software. When the software scans a file, it compares the file's contents against these signatures. If a match is found, the file is flagged as malicious.
The process involves:
- Signature Creation: Security researchers analyze new malware samples and identify distinctive code patterns.
- Signature Storage: These patterns are compiled into a signature database.
- Scanning: The anti-virus software scans files and compares their contents to the signatures in the database.
- Detection: If a match is found, the software identifies the file as a threat.
Limitations of Signature-Based Detection:
- Unknown Threats: Signature-based detection is ineffective against new or previously unknown malware that does not have a corresponding signature in the database (zero-day exploits).
- Polymorphic Malware: Malware that changes its code frequently to avoid signature detection can bypass this method.
- False Positives: Sometimes, legitimate files may contain code that resembles malware signatures, leading to false positives (incorrectly identifying a safe file as malicious).
Modern anti-virus solutions address these limitations by incorporating other detection techniques, including:
- Heuristic Analysis: This technique analyzes the behavior of files and programs to identify suspicious activities, even if a signature is not available. For example, it might flag a program that attempts to modify system files or connect to unusual network locations.
- Behavioral Monitoring: This monitors the actions of running processes for suspicious behavior.
- Machine Learning: Machine learning algorithms are trained on vast amounts of data to identify patterns associated with malware, allowing them to detect new and evolving threats.
- Cloud-based Scanning: Leveraging cloud resources for scanning allows access to a larger and more up-to-date signature database and the ability to analyze files in a sandboxed environment.
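The scanning step and the three limitations listed above can be seen in a toy scanner. This is an added example, not part of the original answer; the signature names, byte patterns and sample files are all constructed and harmless, and the XOR re-encoding is a simplified stand-in for polymorphic code.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes


# Signature storage: constructed byte patterns standing in for a vendor database.
SIGNATURE_DB = [
    Signature("Demo.Marker.A", b"\xde\xad\xbe\xef-DEMO-PAYLOAD"),
    Signature("Demo.Marker.B", bytes.fromhex("4d5a9000feedface")),
]


def scan(data: bytes, db=SIGNATURE_DB):
    """Scanning and detection: return (name, offset) for each signature found."""
    hits = []
    for sig in db:
        offset = data.find(sig.pattern)
        if offset != -1:
            hits.append((sig.name, offset))
    return hits


def xor_encode(data: bytes, key: int) -> bytes:
    """Same content, different bytes on disk: every byte is XORed with key."""
    return bytes(b ^ key for b in data)


# Constructed samples, one per case discussed in the answer.
known_sample = b"HEADER" + SIGNATURE_DB[0].pattern + b"TRAILER"
variant = b"HEADER" + xor_encode(SIGNATURE_DB[0].pattern, 0x5A) + b"TRAILER"
unknown_sample = b"HEADER" + b"never-seen-before-content" + b"TRAILER"
benign_doc = b"Lab notes: the test pattern is " + SIGNATURE_DB[0].pattern


def demo():
    """Scan each sample; an empty list means the scanner reports the file clean."""
    return {
        "known": scan(known_sample),      # matched: signature exists
        "variant": scan(variant),         # missed: bytes changed, signature stale
        "unknown": scan(unknown_sample),  # missed: no signature was ever written
        "benign": scan(benign_doc),       # false positive: harmless file, same bytes
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:8} -> {hits or 'clean'}")
```
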
2.
Describe the purpose of backup software. Outline the different backup methods available and discuss the advantages and disadvantages of at least two of these methods.
Backup software is designed to create copies of important data, ensuring that it can be recovered in the event of data loss due to hardware failure, software corruption, accidental deletion, or cyberattacks. The primary purpose is data protection and disaster recovery.
There are several different backup methods available:
- Full Backup: A complete copy of all selected data is created.
- Incremental Backup: Only the data that has changed since the last full or incremental backup is copied.
- Differential Backup: Only the data that has changed since the last full backup is copied.
- Cloud Backup: Data is stored on remote servers maintained by a third-party provider.
Advantages and Disadvantages of Full Backup:
| Advantages | Disadvantages |
| --- | --- |
| Simple to restore: All data is in one place. | Time-consuming: Requires a full copy of the data each time. |
| Complete data recovery. | Requires significant storage space. |
Advantages and Disadvantages of Incremental Backup:
| Advantages | Disadvantages |
| --- | --- |
| Faster backup times: Only changes are copied. | Restoration is more complex: Requires the full backup and all subsequent incremental backups. |
| Less storage space required. | Recovery can be slower if many incremental backups are needed. |
Cloud backup offers the advantage of offsite storage, protecting against local disasters. However, it relies on a stable internet connection and raises concerns about data security and privacy with a third-party provider.
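The trade-off between full, incremental and differential backups described above can be worked through on a small schedule. This is an added example, not part of the original answer; the file names and the daily change log are constructed, and day 0 is assumed to be a full backup under every method.

```python
ALL_FILES = {"a.doc", "b.xls", "c.db", "d.cfg"}
# Constructed change log: files modified on each day after the day-0 full backup.
CHANGES = {1: {"a.doc"}, 2: {"c.db"}, 3: {"a.doc", "d.cfg"}}


def backup_sets(method):
    """Return {day: files copied that day} for the given backup method."""
    sets = {0: set(ALL_FILES)}
    since_full = set()
    for day in sorted(CHANGES):
        since_full |= CHANGES[day]
        if method == "full":
            sets[day] = set(ALL_FILES)       # everything, every day
        elif method == "incremental":
            sets[day] = set(CHANGES[day])    # changes since the last backup
        elif method == "differential":
            sets[day] = set(since_full)      # changes since the last full backup
        else:
            raise ValueError(method)
    return sets


def files_copied(method):
    """Total files written over the whole schedule (a proxy for time and storage)."""
    return sum(len(s) for s in backup_sets(method).values())


def restore_chain(method, target_day):
    """Days whose backup sets must be read to rebuild the state at target_day."""
    if method == "full":
        return [target_day]
    if method == "incremental":
        return list(range(0, target_day + 1))
    if method == "differential":
        return [0] if target_day == 0 else [0, target_day]
    raise ValueError(method)


def restorable(method, target_day, damaged_day):
    """Can target_day still be restored if one day's backup set is unreadable?"""
    return damaged_day not in restore_chain(method, target_day)


if __name__ == "__main__":
    for m in ("full", "incremental", "differential"):
        print(m, files_copied(m), restore_chain(m, 3), restorable(m, 3, 2))
```

Incremental copies the least but needs every set in the chain to be intact; one damaged day breaks the restore, which is why backup sets are worth verifying after they are written.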
3.
Explain the difference between a compiler and an interpreter. In your answer, describe the process each undertakes when translating source code into executable code. Include examples of programming languages commonly associated with each type of system software.
A compiler translates the entire source code into machine code in one go, creating an executable file. This translation process is performed before the program is run. The resulting executable can then be run independently of the compiler. Examples of languages commonly compiled include C, C++, and Fortran. The compilation process involves lexical analysis, syntax analysis, semantic analysis, and code generation.
An interpreter, on the other hand, translates and executes the source code line by line. It doesn't create a separate executable file. The interpreter must be present every time the program is run. Examples of languages commonly interpreted include Python, JavaScript, and Ruby. The interpretation process involves reading a line of code, translating it, and then executing it immediately. This makes interpreted languages generally more flexible for development and testing.
Here's a table summarizing the key differences:
| Feature | Compiler | Interpreter |
| --- | --- | --- |
| Translation Process | Entire code at once | Line by line |
| Executable File | Creates an executable | No executable file created |
| Execution | Independent of compiler | Requires interpreter every time |